PS Script, Security

IntuneStatefulDeviceFingerprinting

KuShu-Shimon Intune Stateful Device Fingerprinting (ISDF) provides a tamper-resistant device fingerprint for enrolled Windows devices, enforced through Intune Custom Compliance and backed by DPAPI-encrypted baselines. In Cloud mode it attests fingerprints to Entra ID through APIM and a Logic App, which enables trusted-device filters, dynamic groups, and stronger Conditional Access policies. The solution collects on-device signals, stores encrypted baselines, self-heals missing keys, and reports ISDF boolean results that the compliance policy evaluates.
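As an added illustration, not the ISDF project's own code, the following PowerShell sketches the pattern the description outlines: gather stable hardware signals, hash them into a fingerprint, keep the baseline as a DPAPI-protected blob, re-establish it when it is missing or unreadable, and emit the single-line JSON booleans an Intune Custom Compliance discovery script must write to stdout. The baseline path, the entropy string, the chosen signals and the `ISDF_*` setting names are all assumptions made for the example.

```powershell
# Added example (not the ISDF project's code). Intune runs custom compliance
# discovery scripts as SYSTEM and expects a single-line JSON object on stdout.
Add-Type -AssemblyName System.Security

# Assumed location; restrict the directory ACL to SYSTEM when deploying for real.
$BaselinePath = 'C:\ProgramData\ISDF-Example\baseline.bin'
# Assumed purpose string; binds the DPAPI blob to this script so a blob produced
# by some other DPAPI caller on the same machine cannot be swapped in.
$Entropy = [Text.Encoding]::UTF8.GetBytes('ISDF-Example-baseline-v1')

function Get-DeviceSignals {
    # Signals that stay constant across reboots and OS updates (the choice is an assumption).
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $csp  = Get-CimInstance -ClassName Win32_ComputerSystemProduct
    $tpm  = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmVersion = if ($null -ne $tpm) { [string]$tpm.SpecVersion } else { '' }
    return [ordered]@{
        BiosSerial = [string]$bios.SerialNumber
        Uuid       = [string]$csp.UUID
        TpmPresent = ($null -ne $tpm)
        TpmVersion = $tpmVersion
    }
}

function Get-Fingerprint {
    param([System.Collections.Specialized.OrderedDictionary]$Signals)
    # Canonical "key=value" lines in fixed order, then SHA-256, so the stored
    # baseline is a digest rather than the raw identifiers.
    $lines = foreach ($key in $Signals.Keys) { "$key=$($Signals[$key])" }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes(($lines -join "`n")))
    } finally {
        $sha.Dispose()
    }
    return ([BitConverter]::ToString($hash) -replace '-', '').ToLowerInvariant()
}

function Write-Baseline {
    param([string]$Fingerprint)
    # LocalMachine scope: decryptable only on this machine. Any local admin or
    # SYSTEM process on the box can still decrypt and rewrite it, so the file ACL
    # and the self-heal flag reported below are part of the tamper story.
    $blob = [System.Security.Cryptography.ProtectedData]::Protect(
        [Text.Encoding]::UTF8.GetBytes($Fingerprint),
        $Entropy,
        [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
    New-Item -ItemType Directory -Path (Split-Path -Parent $BaselinePath) -Force | Out-Null
    [IO.File]::WriteAllBytes($BaselinePath, $blob)
}

function Read-Baseline {
    # Returns $null when the blob is missing, or when DPAPI rejects it (tampered,
    # copied from another machine, or protected with different entropy).
    if (-not (Test-Path -LiteralPath $BaselinePath)) { return $null }
    try {
        $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect(
            [IO.File]::ReadAllBytes($BaselinePath),
            $Entropy,
            [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
        return [Text.Encoding]::UTF8.GetString($bytes)
    } catch [System.Security.Cryptography.CryptographicException] {
        return $null
    }
}

$current    = Get-Fingerprint -Signals (Get-DeviceSignals)
$baseline   = Read-Baseline
$selfHealed = $false
if ($null -eq $baseline) {
    # Self-heal: first run or unreadable baseline. Reported as its own boolean so
    # a baseline that was deleted and silently re-established stays visible.
    Write-Baseline -Fingerprint $current
    $baseline   = $current
    $selfHealed = $true
}

# Key names must match the SettingName values in the companion compliance JSON (assumed names).
[ordered]@{
    ISDF_FingerprintMatch   = ($current -eq $baseline)
    ISDF_BaselinePresent    = (Test-Path -LiteralPath $BaselinePath)
    ISDF_BaselineSelfHealed = $selfHealed
} | ConvertTo-Json -Compress
```

The companion JSON uploaded to the compliance policy then carries one rule per key (for example `SettingName` `ISDF_FingerprintMatch`, `Operator` `IsEquals`, `DataType` `Boolean`, `Operand` `true`), so a fingerprint mismatch marks the device non-compliant and Conditional Access can act on it. Two caveats a reviewer should keep in mind with this design: the LocalMachine DPAPI scope keeps the blob from being moved to another machine but does not stop a local administrator from deleting it and letting the self-heal establish a fresh baseline, which is why the self-heal flag is surfaced as its own boolean; and a physical device whose motherboard is replaced will legitimately change its fingerprint, so the policy needs a documented re-baseline path.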

Works with: Windows, Entra ID, Compliance, Conditional Access
Security Analysis

5 of 6 checks passed, 1 issue found
3 files scanned on Jan 8, 2026

Issues Detected
Data Exfiltration (check failed: suspicious outbound data transfers)
Cloud mode sends a structured payload to an external webhook that includes device identifiers and fingerprint data. This is a data exfiltration risk if the webhook endpoint is not trusted or not properly secured. Before enabling Cloud mode, confirm that the endpoint the script posts to is the APIM instance and Logic App you control, that it requires authentication, and that it is reached over HTTPS only.
Passed Checks
No Obfuscated Code
No Remote Execution
No Credential Theft
No Malicious Patterns
No Hardcoded Secrets
AI Analysis

The codebase contains obfuscated inline PowerShell in a watchdog component, SYSTEM-level persistence via a scheduled task, and an optional data exfiltration path to an external webhook in the fingerprinting/detection flow. No hardcoded secrets were detected. Note that the "No Obfuscated Code" check above passed even though the analysis found an obfuscated watchdog command line, so review that component's scheduled task and the inline command it runs manually rather than relying on the automated checks alone.

You might also like

PS Script

Intune Make Enrollment User Admin

This Intune-deployable script elevates the enrollment user to a local administrator on Windows devices. Packaged as an .INTUNEWIN app, it is deployed through Microsoft Intune to targeted users with install and uninstall commands to grant or revoke admin rights after enrollment. It uses a requirements check for detection and can be reconfigured later, providing an Autopilot-like capability fully managed by Intune.

Niklas Rast
Desktop App

Run as Domain User

A wrapper app that uses ShellRunAs to launch a target executable under a defined Active Directory domain user from non-domain-joined Windows devices. It enables cloud-managed devices to run legacy on-prem tools (RSAT) by prompting for domain credentials and launching the configured app with elevated rights. It relies on simple domain.txt and app.txt configuration and is packaged for Intune with explicit install/uninstall commands and a Start Menu entry.

Niklas Rast
Other

Mace

M.A.C.E. is a native macOS app that lets security teams build, customize, audit, and deploy macOS compliance baselines using the mSCP 2.0 framework without scripting. It offers a visual, three-panel editor with 500+ rules, real-time audit results, and exportable configuration profiles for MDMs such as Intune and Jamf. The tool prioritizes ease of use, cross-MDM readiness, and reproducible baselines.

Cody Keats
PS Script

IntuneComplianceMaintainer

IntuneComplianceMaintainer is a PowerShell automation script that keeps Microsoft Intune compliance and app-protection policies up to date with the latest supported OS minimums across iOS, iPadOS, macOS, Android, and Windows. It uses endoflife.date and the Graph Windows Update Catalog to drive cadence-based updates, with flexible authentication (Managed Identity, App Registration with certificate or secret, plus Key Vault integration) and safety features like dry-run and downgrade protection. It provides comprehensive logging and built-in retry logic for resilience.

James Robinson